By choosing them from those available on the market, AVAST researchers have analyzed some GPS trackers, those small devices used to always know the position of children or pets. Gadgets that on paper should let us sleep soundly but which have often proved to be sieves from the point of view of security.
GPS tracker vulnerabilities
The GPS tracking devices analyzed by AVAST (including the T8 Mini GPS Tracker Locator and the Shenzhen i365 Tech) use the IMEI as an identifier, a bit like the phones, which is also used as a login for the online service. Anyone knowing the password could check the location of these specific trackers. Too bad that on at least 600,000 devices, a default password has been used so trivial as to be embarrassing: 123456.
Anyone, even the most unprepared, could easily control these devices. But that’s not all: researchers have discovered that all the data on these devices is transmitted in clear text, allowing anyone on the same network to intercept them effortlessly.
These and other serious vulnerabilities would allow hackers to carry out man-in-the-middle attacks and not just spy on the position, but also tamper with it by sending false data.
In the case of devices that include a microphone, speaker or camera, these can also be easily compromised.
The Avast study is available at this address.